Hopes for self-ruled Web dim in wake of FTC study

Industry watchers are worried that online companies are moving too slowly to protect consumer privacy -- and government intervention is becoming more likely. "The majority of Web sites do not disclose what they are doing (about collecting personal information).

Industry watchers are worried that online companies are moving too slowly to protect consumer privacy -- and government intervention is becoming more likely.

"The majority of Web sites do not disclose what they are doing (about collecting personal information). Yet, they are selling information," said Susan Scott, executive director of privacy policy auditing organization TRUSTe.

The comments came as the industry and privacy-rights organizations awaited a massive audit of Web sites by the Federal Trade Commission slated for this month. The results are expected to be released in July.

The audit resembles an October FTC review of 126 Web sites aimed at children. The results, reported in December, found fewer than 30 percent of the sites included a privacy policy statement. The poor showing prompted the FTC to audit the industry again.

No privacy, no money
Online privacy is at the top of the concern list of consumers who use the Internet.

In a survey of 999 adults, of which 404 were Internet users, a March BusinessWeek poll found that 61 percent of the non-users would go online if their privacy were protected. Experienced users were more adamant -- 78 percent would use the Internet more if privacy were protected.

With such numbers, it's no wonder that the FTC is pressing hard to get privacy issues addressed by Web sites.

Yet, the industry fears that the audit will reveal that the majority of sites do not post any policy on how they gather and use information collected on visitors.

'They're auditing sites, but they haven't set a standard for what they want to see.'-- Craig Donato, Excite Inc.

"Quite frankly, the industry has not done enough," said TRUSTe's Scott. "And that shows little foresight. They can voluntarily regulate themselves, or Congress will happily do it for them."

TRUSTe, an organization of 80 members, is creating its own "trust mark." Each member must post a privacy policy that meet's the coalition's privacy guidelines. To ensure compliance, the organization audits its members on a regular basis.

Privacy police?
If this month's audit turns up little industry initiative, the FTC won't be sympathetic.

"They've had a year and a half" to ease consumer concerns, said Claudia Farrell, spokeswoman for the FTC. She estimated that more than 80 bills related to privacy sit before Congress today.

TRUSTe's Scott believes the FTC wants the industry to succeed, but isn't willing to stand by if nothing is done.

"It is not going to stick its head in the sand and pretend there is no problem," she said. "They will say to the industry, 'You blew it.' "

The industry hopes it doesn't come to that.

"I think stating a clear policy for somebody you're doing business with is the right thing to do," said Tom Taggart, a spokesman for financial firm Charles Schwab & Co. Schwab does not sell information to third parties and has posted its privacy policy since it started Internet trading in early 1996.

E-commerce too new
Yet, several companies beefing up their presence on the Web are unsure how to approach privacy.

Craig Donato, vice president of product marketing at search engine Excite Inc., wishes the FTC would have given out some guidelines before the sweep.

"They're auditing sites, but they haven't set a standard for what they want to see," Donato said. Excite, which posted its policy earlier this year, only provides a user's personal information to third parties after it's received permission.

For Purple Moon -- a site geared toward girls -- privacy is of paramount importance. "We want girls and their parents to feel safe on our site," said Karen Gould, spokeswoman for Purple Moon. "We involve the parent in the verification process, and we don't sell our information at all." The site has more than 51,000 users registered; each visits an average of 1 1/2 times per day, viewing 50 pages each time.

"It took many years -- if not decades -- for direct mail and telephone marketing to self-regulate," said Chet Dalzell, spokesman for the Direct Marketing Association. "We've had only two years."

The DMA has pushed the industry to shift its efforts to address consumer privacy concerns into high gear. The association has even posted a Web form that, after it's filled out, generates a tailored privacy policy for online companies.

Yet, with only 700 policies generated since summer, even this proactive effort may be too little too late.